CVE-2022-24106

High

Description

In Xpdf prior to 4.04, the DCT (JPEG) decoder was incorrectly allowing the 'interleaved' flag to be changed after the first scan of the image, leading to an unknown integer-related vulnerability in Stream.cc.

References

https://dl.xpdfreader.com/xpdf-4.04.tar.gz

http://www.xpdfreader.com/security-fixes.html

Details

Source: Mitre, NVD

Published: 2022-08-30

Updated: 2022-10-28

Risk Information

CVSS v2

Base Score: 7.2

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: High